From 1aca4018133493ad1049693efe3a896a36e3c4e4 Mon Sep 17 00:00:00 2001
From: Tim Hockin
Date: Fri, 28 Aug 2015 22:32:30 -0700
Subject: [PATCH] Don't name 'eth0' in MASQUERADE rule
This causes endless loops of adding duplicate rules on machines without "eth0".
---
 pkg/kubelet/container_bridge.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/pkg/kubelet/container_bridge.go b/pkg/kubelet/container_bridge.go
index d37497d12f9..7b5377a283f 100644
--- a/pkg/kubelet/container_bridge.go
+++ b/pkg/kubelet/container_bridge.go
@@ -121,13 +121,23 @@ func cbr0CidrCorrect(wantCIDR *net.IPNet) bool {
 // TODO(dawnchen): Using pkg/util/iptables
 func ensureIPTablesMasqRule() error {
 // Check if the MASQUERADE rule exist or not
- if err := exec.Command("iptables", "-t", "nat", "-C", "POSTROUTING", "-o", "eth0", "-j", "MASQUERADE", "!", "-d", "10.0.0.0/8").Run(); err == nil {
+ if err := exec.Command("iptables",
+ "-t", "nat",
+ "-C", "POSTROUTING",
+ "!", "-d", "10.0.0.0/8",
+ "-m", "addrtype", "!", "--dst-type", "LOCAL",
+ "-j", "MASQUERADE").Run(); err == nil {
 // The MASQUERADE rule exists
 return nil
 }
 glog.Infof("MASQUERADE rule doesn't exist, recreate it")
- if err := exec.Command("iptables", "-t", "nat", "-A", "POSTROUTING", "-o", "eth0", "-j", "MASQUERADE", "!", "-d", "10.0.0.0/8").Run(); err != nil {
+ if err := exec.Command("iptables",
+ "-t", "nat",
+ "-A", "POSTROUTING",
+ "!", "-d", "10.0.0.0/8",
+ "-m", "addrtype", "!", "--dst-type", "LOCAL",
+ "-j", "MASQUERADE").Run(); err != nil {
 return err
 }
 return nil
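Review bot: With `-o eth0` dropped and no source match added, the `-C` and `-A` calls now describe a rule that masquerades every packet leaving on any interface unless its destination is in `10.0.0.0/8` or is a local address, which covers host-originated and forwarded traffic and appears to assume all pod addresses sit inside the hard-coded `10.0.0.0/8`. If that node-wide scope is intended, state it above the check, e.g. `// Masquerade all egress except to 10.0.0.0/8 and local addresses; no interface or source match, so this applies node-wide.` The rule arguments are also written out twice, and the duplicate-rule loop named in the commit message returns whenever `-C` does not match what `-A` appended, so build the spec once (`rule := []string{"POSTROUTING", "!", "-d", "10.0.0.0/8", "-m", "addrtype", "!", "--dst-type", "LOCAL", "-j", "MASQUERADE"}`) and pass it to both commands. `Run()` discards iptables' stderr, so a `-C` that fails for some other reason is treated the same as an absent rule and leaves nothing in the log to diagnose; capturing the output and including it in the `glog.Infof` line would help. The closing brace of ensureIPTablesMasqRule lies outside the hunk.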